I'm planning on virtualizing a domain controller. Are there any problems I need to worry about?
Here's a good KB
Hello,
Timekeeping, assuming your clients get the time from the Domain Controllers. If this is the case, you have to plan your NTP server to feed the ESX hosts, then configure the VMware Tools to sync the time from the ESX hosts. Then, your clients will get proper time from the DCs.
Don't run only a single DC; run an ADC as well and balance the FSMO roles. And create an Affinity Rule in the ESX cluster to always separate those VMs across your hosts.
Attached is a great document that might help you out.
Best Regards,
Hussain Al Sayed
If you find this information useful, please award points for "correct" or "helpful".
Hello. Here are a few more links worth checking out.
http://kb.vmware.com/kb/1006996
http://support.microsoft.com/kb/875495 - Windows 2003
http://support.microsoft.com/kb/885875 - Windows 2000
Good Luck!
To go along with the other suggestions, do not P2V an existing Domain Controller.
"To go along with the other suggestions, do not P2V an existing Domain Controller."
This is an excellent point. This is probably related to the reason why you shouldn't snapshot a Domain Controller either. I'm glad I asked this question. AD is a finicky little SOB.
If you want to take a snapshot of AD or use VCB to back up AD, it's best to take a System State Backup first.
There is also a VMworld 2007 presentation on virtualizing Domain Controllers with best practices that you can download if you have access. Just make sure you configure your NTP server via w32time.exe and change registry settings or VMware Tools. DO NOT P2V your DC, and you should not take snapshots anyway, since it's out of sync when you restore from a snapshot. Best is to build a new DC from scratch and promote from there.
If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!
Regards,
Stefan Nguyen
VMware vExpert 2009
iGeek Systems Inc.
VMware, Citrix, Microsoft Consultant
I'm very interested in this question.
I've attempted to P2V an existing domain controller by means of vCenter Converter and I've experienced a big issue, described in my previous post:
http://communities.vmware.com/message/1247088
But I haven't understood what you say in this post:
"do not virtualize an existing domain controller": does it mean that we can create a new DC on a new virtual machine (i.e. performing a primary restore from a valid backup) without any issue?
In other words, if we recreate a DC (by means of a primary restore) on a new virtual machine, without performing a P2V conversion (by means of vCenter Converter), does it work perfectly, like a physical machine?
And, if we perform regular backups of the virtual DC by means of:
1) shutting down the VM
2) copying the VM's files to a NAS server
in the event of failure of the host server, can we copy the VM's DC backup file to another new host and restart it in a production environment without any issue?
Thanks in advance.
Ing. Cosimo MERCURO
Mercuro for Business
With virtualizing Domain Controllers, the best route is to spin up a new VM and promote it to DC. You should always have two DCs in your infrastructure, so demoting a physical DC and promoting a virtual DC should not be an issue. You do not need to do any type of restore when setting up a virtual DC.
To back up a DC, your backup software should be taking a System State backup of the DC. This can be done while the DC is running. You can also use Windows Backup to take a System State backup and dump the file to a drive. Though not advised by Microsoft, we do snapshot our virtual DC servers and back them up with VCB. We do, however, take a System State backup of the DC before the snapshot.
More than likely if one of my two DCs were to crash and go down, I would just build a new VM and promote it to DC unless there was some database corruption in the existing DC that would require a restore from backup.
I second jg's point. It's just so damn easy to fire up a second server and promote it to a DC. I'd prefer having at least one physical DC anyways.
Our biggest issue was timekeeping. Once we set VMTools to sync hardware time and server time, the virtual DCs did fine.
Aloha - This is a general question to a board admin. I hope one sees it. Has there ever been any consideration to setting up a FAQ? I've been here long enough to see that there are a certain set of questions that are guaranteed to be asked once a week (such as this thread). A FAQ would be a good central repository of information (such as a link to previous threads and information external to this board) and prevent the same topics from being endlessly rehashed.
Bill
m4biz, the difficulty with what you describe is that if you restore such an offline backup, you've just made the same effective change as restoring a snapshot, or ghost image.
Just look at it like this:
If you roll back your Domain Controller to an earlier image, for any reason, your AD will get out of sync and break.
The only way to safely do any sort of restoration of a domain controller is a restore of the System State using AD aware applications.
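
The rollback problem discussed in the replies above, as a simplified model added here (not part of the thread and not real AD code). It assumes a toy view of replication in which each DC numbers its writes with an update sequence number (USN) and partners remember the highest USN they have applied per database identity (invocation ID); these terms, the class and the object names are assumptions of the example, not taken from the posts.

```python
import copy

class DC:
    """Toy domain controller: just enough state to show replication bookkeeping."""
    def __init__(self, name):
        self.name = name
        self.invocation_id = name + "-inv1"  # identity of this database instance
        self.usn = 0        # update sequence number, increases with every write
        self.changes = {}   # (originating invocation_id, usn) -> object name
        self.utd = {}       # invocation_id -> highest USN already applied
        self.objects = set()

    def write(self, obj):
        self.usn += 1
        self.changes[(self.invocation_id, self.usn)] = obj
        self.utd[self.invocation_id] = self.usn
        self.objects.add(obj)

    def pull_from(self, src):
        # Take only changes newer than what we have already seen per identity.
        for (inv, usn), obj in sorted(src.changes.items()):
            if usn > self.utd.get(inv, 0):
                self.changes[(inv, usn)] = obj
                self.utd[inv] = usn
                self.objects.add(obj)

def image_rollback(image):
    # Snapshot revert, offline VM file copy or ghost image: old state, same identity.
    return copy.deepcopy(image)

def ad_aware_restore(image):
    # System State restore: old data, but the database gets a new invocation ID.
    dc = copy.deepcopy(image)
    dc.invocation_id = dc.name + "-inv2"
    return dc

def scenario(restore):
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc1.write("user-a")
    image = copy.deepcopy(dc1)   # backup taken at USN 1
    dc1.write("user-b")
    dc1.write("user-c")
    dc2.pull_from(dc1)           # DC2 has now seen DC1 up to USN 3
    dc1 = restore(image)         # DC1 is back at USN 1
    dc1.write("user-d")          # issued as USN 2
    dc1.write("user-e")          # issued as USN 3
    dc2.pull_from(dc1)
    dc1.pull_from(dc2)
    return sorted(dc1.objects), sorted(dc2.objects)

if __name__ == "__main__":
    print("image rollback  :", scenario(image_rollback))
    print("AD-aware restore:", scenario(ad_aware_restore))
```

After the image rollback the two DCs hold different objects and neither side requests the missing changes, because the reused USNs look already applied; after the AD-aware restore both converge on all five objects.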